This curriculum is designed for a high school computer science course focused on cyber security. Each of the units have activities that could be used with or without prior coding knowledge so the course is customizable to the needs of the given students/teacher.
- Ethics and Society
- Security Principles
- Classic Cryptography
- Modern Cryptography
- Malicious Software
- Physical Security
- Web Security
The units and topics outlined are designed to be stand-alone. Each unit can be taught alone or all of the units could be taught as a full-year course in cyber security.
This repository is designed to be teacher-facing and it is left to the teacher to use an existing LMS or other method of giving links, activities, and supporting documents to the students.
Throughout the year, there are several ongoing projects. Some of these activities will be called out specifically in a lesson but for the majority of the time these are activities which can be slotted in by the instructor.
Blog - Each student should maintain a blog. There are many online blog platforms available. If privacy is a concern, the blog could be done in a document that the student shares with the instructor. The goal of the blog is for students to express thoughts on cyber security principles and ideas, and as a way for students to better think about how they will engage with the topics being discussed.
So much of the class is designed to inform and make students aware of cyber principles. The blog gives a context for how they will act based on the knowledge and how they would let others know how to act to remain secure online.
News Articles - This can be done weekly or as frequently as you find useful. Students will read online news stories about cyber security, hacking, or other security issues. As with the blog, the goal is to raise awareness of cyber events and to make students more vigilant cyber citizens.
Good websites for cyber news:
- https://www.cnet.com/
- https://www.wired.com/category/security/
- https://www.yahoo.com/tech
- https://www.theverge.com/
- https://www.engadget.com/
- https://arstechnica.com/
- https://cyware.com/
Capture the Flag (CTF) - Throughout the year, you will be able to find online cyber security scavenger hunts called capture the flags or CTFs for short. There are a number of these geared toward high school students and this is frequently a good way to see what the students are learning in a fun, engaging, game-like way.
- https://picoctf.com/
- https://www.ctf.live/
- https://hsctf.com/
- https://tjctf.org/
- https://www.pactf.com
- https://www.easyctf.com/
- https://github.com/ctfs/write-ups-2016/tree/master/tjctf-2016
There are several resources that are used throughout the curriculum. As with any of the lessons you can customize what works for you and what doesn't.
CodeAcademy It may be useful to look at several of the lessons in Code Academy depending on the background and interest of your students. Lessons that will be useful are noted throughout the curriculum but they are specifically:
- Python Programming
- Command Line Interface
- HTML & CSS
- PHP
- SQL
Blown to Bits Book Blown to Bits is a book that looks at many aspects of digital life, it's history, and where it might go. This is a free book online but can also be purchased as a physical book.
The Code Book The Code Book by Simon Singh looks at historical cryptography and tells the story behind the mathematics. This book is a great way to engage students with the material through story and the literal life and death struggle of people using and inventing cryptographic methods. This book is an adaptation of his original Code Book designed for young adult readers.
PaizaCloud This service gives you access to a remote virtual machine that can be used as a web server. This is used in the web security section. The remote VM also has a command line terminal that can be used to learn Linux commands on a remote server.
Codio Codio is a subscription service but also offers remote virtual machines. This is a better fit for having students join a class and being able to distribute files to them to begin with.
Python.org If you want to do the programming activities and want to run the code locally on the computers. I recommend the IDE from Python.org though there are many others available. All of the coding activities have been written using Python 3.
Dr. Java Dr. Java is a lightweight Java IDE that is very forgiving of a computer that does not have the full Java SDK installed. There are a few times when running a Java application will be useful in the curriculum and this allows students to run the code.
Code.org Code.org has several courses designed to teach coding and a wider understanding of computer science. Several lessons in their Computer Science Principles course are extremely applicable to cyber security and have been included here. The instructor will need to setup an account with Code.org and give all students a login for this portion to work.
US Cyber Patriot CyberPatriot the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation's future. At the core of the program is the National Youth Cyber Defense Competition, the nation's largest cyber defense competition that puts high school and middle school students in charge of securing virtual networks. Other programs include AFA CyberCamps, an elementary school cyber education initiative, a children’s literature series, and CyberGenerations –a cyber safety initiative geared toward keeping senior citizens safe online
Cyber Security Curriculum is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.